Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ops-files to add credhub support to NFS volume services #616

Merged
merged 3 commits into from
Sep 19, 2018
Merged

Add ops-files to add credhub support to NFS volume services #616

merged 3 commits into from
Sep 19, 2018

Conversation

davewalter
Copy link
Member

WHAT is this change about?

We've been using these ops-files in our CI along with the old secure-service-credentials.yml experimental ops-file to enable credhub support for NFS volume services.

WHY is this change being made (What problem is being addressed)?

Now that credhub is GA in v4.0.0, we want to add them to cf-d as experimental ops-files.

Please provide contextual information.

#160035537

Has a cf-deployment including this change passed our cf-acceptance-tests?

  • YES
  • NO but they are tested in our acceptance test suite (PATs)

How should this change be described in cf-deployment release notes?

New Ops-files

  • operations/experimental/enable-nfs-volume-service-credhub.yml
    • NFS volume release v1.4.0 introduces support for using CredHub instead of a SQL database to store state for nfs broker. CredHub has the advantage that it encrypts data at rest and is therefore a more secure store for service instance and service binding metadata. CredHub is required if you are using the LDAP integration, and you wish to specify user credentials at service instance creation time, rather than at service binding time.
  • operations/experimental/migrate-nfsbroker-mysql-to-credhub.yml
    • If you have been running your NFS broker with a MySQL database to store state, this ops-file creates an errand called migrate_mysql_to_credhub to allow you to migrate your service bindings and instances from MySQL to Credhub.

Does this PR introduce a breaking change?

  • YES --- does it really have to?
  • NO

Will this change increase the VM footprint of cf-deployment?

  • YES --- does it really have to?
  • NO

If migration is required, it adds a short-lived errand VM.

Does this PR make a change to an experimental or GA'd feature/component?

  • experimental feature/component
  • GA'd feature/component

What is the level of urgency for publishing this change?

  • Urgent - unblocks current or future work
  • Slightly Less than Urgent

Tag your pair, your PM, and/or team!

It's helpful to tag a few other folks on your team or your team alias in case we need to follow up later.

@julian-hj @paulcwarren @mariash

@cfdreddbot
Copy link

Hey davewalter!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/160333014

The labels on this github issue will be updated when the story is started.

@cf-rel-int-status-bot
Copy link

Hello friend, it looks like your pull request has failed one or more of our checks. Please take a look! 👀

@ab-pivot ab-pivot merged commit 9714a87 into cloudfoundry:develop Sep 19, 2018
@davewalter davewalter deleted the add-nfs-broker-ops-files branch September 19, 2018 23:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@davewalter @cfdreddbot @cf-gitbot @cf-rel-int-status-bot @ab-pivot